Web lists-archives.com

[Samba] Changing expired Samba AD password during Windows login

I'm running a Samba AD 4.7.4 and cannot set a new password for a user with an expired password during login from a Windows PC. Changing a password from inside a login with cntl-alt-del "change password" works ok.

I've already decreased the minimum password age to 0

samba-tool domain passwordsettings show

Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 0
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30

My Samba install is brand new and the Windows PC is a clean test PC. I'm running on Ubuntu 16.04.3 and had to compile from source Samba 4.7.4 after compiling from source krb5 1.15.2. All other build dependencies came from default Ubuntu 16.04.3 repos


# Global parameters
        dns forwarder = xxx.xxx.xxx.xxx
        netbios name = DCNAME
        server role = active directory domain controller
        workgroup = DOMAINNAME
        idmap_ldb:use rfc2307 = yes

        log level = 5

        path = /usr/local/samba/var/locks/sysvol/domainname.domain.com/scripts
        read only = No

        path = /usr/local/samba/var/locks/sysvol
        read only = No

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba